From: Steffen Klassert <steffen.klassert@secunet.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: David Miller <davem@davemloft.net>, linux-crypto@vger.kernel.org
Subject: [PATCH 0/2] Parallel crypto/IPsec v5
Date: Mon, 31 Aug 2009 11:11:45 +0200 [thread overview]
Message-ID: <20090831091145.GB32705@secunet.com> (raw)
This patchset adds the 'pcrypt' parallel crypto template. With this template it
is possible to process the crypto requests of a transform in parallel without
getting request reorder. This is in particular interesting for IPsec.
The parallel crypto template is based on a generic parallelization/serialization
method. This method uses the remote softirq invocation infrastructure for
parallelization and serialization. With this method data objects can be
processed in parallel, starting at some given point.
After doing some expensive operations in parallel, it is possible to serialize
again. The parallelized data objects return after serialization in the order as
they were before the parallelization. In the case of IPsec, this makes it
possible to run the expensive parts in parallel without getting packet
reordering.
Changes from v4:
- Use the dynamic percpu allocator
- Drop of the obsolete eseqiv changes (eseqiv is the default IV generator
for blockcipher algorithms on smp machines now).
Changes from v3:
- The generic aead wrapper is dropped.
- tcrypt is extended to test algorithms by name. So it is possible to
instantiate pcrypt by doing e.g.:
modprobe tcrypt alg="pcrypt(authenc(hmac(sha1),cbc(aes)))" type=3
Changes from v2:
- The xfrm netlink configuration code is dropped,
this will be an extra patchset.
- Add generic aead wrapper interface to be able to wrap an aead algorithm
with an arbitrary crypto template.
- Convert pcrypt to use the generic aead wrapper.
- Add support for aead algorithms to eseqiv.
- Add support for the pcrypt aead wrapper to authenc. It's now possible to
choose for pcrypt as the default authenc wrapper with a module parameter.
- Patchset applies to linux-2.6 git current.
Changes from v1:
- cpu_chainiv is dropped, pcrypt uses eseqiv as it's IV generator now.
- Add a xfrm netlink message to be able to choose for pcrypt from userspace.
- Use pcrypt just if it is selected from userspace.
Steffen
next reply other threads:[~2009-08-31 9:08 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-31 9:11 Steffen Klassert [this message]
2009-08-31 9:12 ` [PATCH 1/2] padata: generic interface for parallel processing Steffen Klassert
2009-09-19 23:19 ` Herbert Xu
2009-10-07 14:22 ` Steffen Klassert
2009-10-07 20:44 ` David Miller
2009-08-31 9:14 ` [PATCH 2/2] crypto: pcrypt - Add pcrypt crypto parallelization wrapper Steffen Klassert
2009-09-19 23:20 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090831091145.GB32705@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).